General

Target: 7bcd44c32c5d526659023b033c47e867068ae604484f85a21a4788cafe5b03e7.exe
Size: 731KB
Sample: 241031-mxdmfaxbnq
MD5: 8b6b09811835191f99d4e2e9d94d232c
SHA1: 08edbf7da5b2e827978e178e5e49b45b5169d87c
SHA256: 7bcd44c32c5d526659023b033c47e867068ae604484f85a21a4788cafe5b03e7
SHA512: d271e1036f64725e9c713b43844363b7fbcc594ee95395b90ce7777b01a43385547446afbf7b778d1211e3e7780c36ba8143786aa0261b7a940ee63b0f0fd1df
SSDEEP: 12288:8tvD9kg2V9Lki65FEx3ppAYNHS1Hf1CNoLOaZ3HC5mCO:1XlP609XkBjn
Static task: static1

Behavioral task: behavioral1
  Sample: 7bcd44c32c5d526659023b033c47e867068ae604484f85a21a4788cafe5b03e7.exe
  Resource: win7-20240903-en

Behavioral task: behavioral2
  Sample: 7bcd44c32c5d526659023b033c47e867068ae604484f85a21a4788cafe5b03e7.exe
  Resource: win10v2004-20241007-en

Behavioral task: behavioral3
  Sample: $PLUGINSDIR/System.dll
  Resource: win7-20240903-en

Behavioral task: behavioral4
  Sample: $PLUGINSDIR/System.dll
  Resource: win10v2004-20241007-en
Malware Config

Extracted (agenttesla)
  Protocol: ftp
  Host: ftp://ftp.concaribe.com
  Port: 21
  Username: [email protected]
  Password: ro}UWgz#!38E

Extracted
  Protocol: ftp
  Host: ftp.concaribe.com
  Port: 21
  Username: [email protected]
  Password: ro}UWgz#!38E
Targets

Target: 7bcd44c32c5d526659023b033c47e867068ae604484f85a21a4788cafe5b03e7.exe
Size: 731KB
MD5: 8b6b09811835191f99d4e2e9d94d232c
SHA1: 08edbf7da5b2e827978e178e5e49b45b5169d87c
SHA256: 7bcd44c32c5d526659023b033c47e867068ae604484f85a21a4788cafe5b03e7
SHA512: d271e1036f64725e9c713b43844363b7fbcc594ee95395b90ce7777b01a43385547446afbf7b778d1211e3e7780c36ba8143786aa0261b7a940ee63b0f0fd1df
SSDEEP: 12288:8tvD9kg2V9Lki65FEx3ppAYNHS1Hf1CNoLOaZ3HC5mCO:1XlP609XkBjn

- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Agenttesla family
- Loads dropped DLL
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
Target: $PLUGINSDIR/System.dll
Size: 11KB
MD5: 7399323923e3946fe9140132ac388132
SHA1: 728257d06c452449b1241769b459f091aabcffc5
SHA256: 5a1c20a3e2e2eb182976977669f2c5d9f3104477e98f74d69d2434e79b92fdc3
SHA512: d6f28ba761351f374ae007c780be27758aea7b9f998e2a88a542eede459d18700adffe71abcb52b8a8c00695efb7ccc280175b5eeb57ca9a645542edfabb64f1
SSDEEP: 192:eF2HS5ih/7i00dWz9T7PH6lOFcQMI5+Vw+bPFomi7dJWsP:rSUmlw9T7DmnI5+N273FP
Score: 3/10
MITRE ATT&CK Enterprise v15

Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (4)
  - Credentials In Files (3)
  - Credentials in Registry (1)